A blog about servers and junk

DNS Cache Poisoning

Jul 31st, 2008

Recently a DNS expert found a flaw in the way that DNS servers talk to other DNS servers to get records that allows interested parties (hackers) to insert their own records. If you need a primer: the Wikipedia link.

Well… a DNS flaw is no fun without a tool to use it. So this guy “HD Moore” wrote a program (script) that takes advantage of this and makes it relatively easy for someone to use something called Metasploit to tinker with it. Cool!

Turns out that it works, and people are fixing their DNS servers so that this can’t happen. (I fixed mine as soon as the fix was out.) But not everyone can fix their own, often they are at the mercy of their ISP’s. (Have you ever called up your ISP’s help desk and told them they need to upgrade their DNS servers to protect them against cache poisoning? Heheheh.. right)

So one day, Mr. Moore goes to google.com on his computer at work, and guess what, its not the real google.com…